X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=dummynet2%2Fip_fw_pfil.c;h=52d85a51c6cef268e38481811b2eeadeb6542a37;hb=40445faa1db58b90083115bc315d095e7eb2fe51;hp=db7cec65e7f7a979e9352fa8d9865e2262ccc3be;hpb=4e189c94aef3d3e9a4e8edfd2bb989feeb5d5e26;p=ipfw.git diff --git a/dummynet2/ip_fw_pfil.c b/dummynet2/ip_fw_pfil.c index db7cec6..52d85a5 100644 --- a/dummynet2/ip_fw_pfil.c +++ b/dummynet2/ip_fw_pfil.c @@ -59,7 +59,6 @@ __FBSDID("$FreeBSD: head/sys/netinet/ipfw/ip_fw_pfil.c 200601 2009-12-16 10:48:4 #include #include #include -#include #include #include @@ -74,16 +73,13 @@ static VNET_DEFINE(int, fw6_enable) = 1; int ipfw_chg_hook(SYSCTL_HANDLER_ARGS); -/* Divert hooks. */ -void (*ip_divert_ptr)(struct mbuf *m, int incoming); - -/* ng_ipfw hooks. */ -ng_ipfw_input_t *ng_ipfw_input_p = NULL; - /* Forward declarations. */ static int ipfw_divert(struct mbuf **, int, struct ipfw_rule_ref *, int); #ifdef SYSCTL_NODE + +SYSBEGIN(f1) + SYSCTL_DECL(_net_inet_ip_fw); SYSCTL_VNET_PROC(_net_inet_ip_fw, OID_AUTO, enable, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE3, &VNET_NAME(fw_enable), 0, @@ -94,6 +90,9 @@ SYSCTL_VNET_PROC(_net_inet6_ip6_fw, OID_AUTO, enable, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE3, &VNET_NAME(fw6_enable), 0, ipfw_chg_hook, "I", "Enable ipfw+6"); #endif /* INET6 */ + +SYSEND + #endif /* SYSCTL_NODE */ /* @@ -111,7 +110,8 @@ ipfw_check_hook(void *arg, struct mbuf **m0, struct ifnet *ifp, int dir, int ret; /* all the processing now uses ip_len in net format */ - SET_NET_IPLEN(mtod(*m0, struct ip *)); + if (mtod(*m0, struct ip *)->ip_v == 4) + SET_NET_IPLEN(mtod(*m0, struct ip *)); /* convert dir to IPFW values */ dir = (dir == PFIL_IN) ? DIR_IN : DIR_OUT; @@ -220,7 +220,7 @@ again: case IP_FW_NGTEE: case IP_FW_NETGRAPH: - if (!NG_IPFW_LOADED) { + if (ng_ipfw_input_p == NULL) { ret = EACCES; break; /* i.e. drop */ } @@ -243,7 +243,7 @@ again: FREE_PKT(*m0); *m0 = NULL; } - if (*m0) + if (*m0 && mtod(*m0, struct ip *)->ip_v == 4) SET_HOST_IPLEN(mtod(*m0, struct ip *)); return ret; }